Security Incident Response Criteria: A Practitioner's Perspective
George Grispos, William Bradley Glisson, Tim Storer

TL;DR
This paper introduces the Security Incident Response Criteria (SIRC), a set of evaluation guidelines derived from empirical data, to assess and improve security incident response processes in organizations.
Contribution
It presents the SIRC framework, a set of criteria derived from in-depth interview data and supporting literature, for evaluating existing security incident response solutions and guiding future improvement initiatives.
Findings
The SIRC criteria can be applied to a variety of security incident response approaches to evaluate existing solutions.
The criteria are grounded in empirical data from in-depth interviews conducted within a Global Fortune 500 organization, supported by the literature.
The criteria also serve as a guide for future security incident response improvement initiatives.
Abstract
Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions and second, as a guide, to support future security incident response improvement initiatives.
Taxonomy
Topics: Information and Cyber Security · Digital and Cyber Forensics · Advanced Malware Detection Techniques
